Source: wpa Version: 2:2.9.0-15 Severity: important Tags: security upstream X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Hi, The following vulnerability was published for wpa. CVE-2020-12695[0]: | The Open Connectivity Foundation UPnP specification before 2020-04-17 | does not forbid the acceptance of a subscription request with a | delivery URL on a different network segment than the fully qualified | event-subscription URL, aka the CallStranger issue. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2020-12695 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12695 [1] https://w1.fi/security/2020-1/upnp-subscribe-misbehavior-wps-ap.txt Please adjust the affected versions in the BTS as needed. Regards, Salvatore
